On 01/16/2016 05:13 PM, Perry E. Metzger wrote: > On Sat, 16 Jan 2016 16:52:29 -0800 Mark Sapiro <m...@msapiro.net> > wrote: >> >> Please provide some examples. If there is any discernable pattern, >> it might be blockable without impacting real subscribers. > > I don't have a lot of examples (haven't been saving them as I nuke > stuff out of the postfix queue) but I just nuked one aimed at what > I could characterize as user\+[a-z]+[0-9]@gmail.com
Is that just one digit? If so, that's a tough one to separate from legit ones, but in what I've seen the 'user' part doesn't vary all that much so you could focus on that. > I already had a regexp in to nuke everything aimed at a post-+ > section with just digits. I'm reluctant to go further than that > immediately, although I suspect trailing digits after alphabeticals > are also unlikely to be real submailboxes. I certainly agree that 3 or more and perhaps even 2 trailing digits is unlikely, but a single trailing digit is likely too agressive. Just for info, there are a total of 60580 subscriptions with 41715 unique email addresses to lists @python.org. Of the 41745, 620 have a '+' in the address and of those, 24 have at least one digit immediately before the @. of the 25, 15 are subscriptions for the nabble.com archiving service and 2 are subscriptions for a googlegroups archiving service. Of the remaining 7, there are 2 +python3000, 1 +python-3000 and 1 +py3000, and the other 3 have only one digit including one +mm3. So, in this installation at least, \+.*[0-9]@ is rare and most of even those are archivers with multiple digits or are probably motivated by the nature of the installation. > Would it be hard to add optional recaptcha support for the pages with > forms in a future release? That would probably prevent most such > games and it doesn't seem so bad. I hate them. I'd really have to be convinced of the need. In any case, you already have that ability. The only place I think you need it is the subscribe form on the listinfo page. It is a simple matter to install a sitewide custom listinfo template in (for example for english) $prefix/templates/site/en/listinfo.html or to make a list specific one through the web admin UI. Since reCAPTCHA in particular requires registration and perhaps other steps outside of Mailman, I don't think it's too burdensome that the Mailman part requires making a custom template. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
